Fixed by adding "fips = no" to the stunnel config file. I don't remember what version was of stunnel I had before but apparently 4.56 enables it by default.
On Sun, Jan 5, 2014 at 5:01 PM, slamp slamp <slack...@gmail.com> wrote: > Hello All, > > Anyone able to use stunnel successfully in Fedora 20? It has been working > for me for awhile prior to upgrading. > > Stunnel starts up fine, but as soon as it is used, it crashes but no > indication as to why. > > I really only use stunnel to interface my sendmail with my ISP, if there > is a simple way of doing this with sendmail, I'll remove stunnel. > > I believe I am using a simple config: > > $ cat /etc/stunnel/stunnel.conf > ; Some performance tunings > socket = l:TCP_NODELAY=1 > socket = r:TCP_NODELAY=1 > > ; Some debugging stuff useful for troubleshooting > debug = 7 > output = /var/log/stunnel.log > > ; Use it for client mode > client = yes > verify = 0 > > ; Service-level configuration > > [pseudo-ssmtp] > accept = relay-domain:2525 > connect = smtp.verizon.net:465 > > > ------------------ > logs: > > 2014.01.05 15:51:42 LOG7[613:3071158144]: Clients allowed=500 > 2014.01.05 15:51:42 LOG5[613:3071158144]: stunnel 4.56 on > i686-redhat-linux-gnu platform > 2014.01.05 15:51:42 LOG5[613:3071158144]: Compiled/running with OpenSSL > 1.0.1e-fips 11 Feb 2013 > 2014.01.05 15:51:42 LOG5[613:3071158144]: Threading:PTHREAD > Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP > 2014.01.05 15:51:42 LOG5[613:3071158144]: Reading configuration from file > /etc/stunnel/stunnel.conf > 2014.01.05 15:51:42 LOG5[613:3071158144]: FIPS mode is enabled > 2014.01.05 15:51:42 LOG7[613:3071158144]: Compression not enabled > 2014.01.05 15:51:42 LOG7[613:3071158144]: Snagged 64 random bytes from > /dev/urandom > 2014.01.05 15:51:42 LOG7[613:3071158144]: PRNG seeded successfully > 2014.01.05 15:51:42 LOG6[613:3071158144]: Initializing service > [pseudo-ssmtp] > 2014.01.05 15:51:43 LOG7[613:3071158144]: SSL options set: 0x00000004 > 2014.01.05 15:51:43 LOG5[613:3071158144]: Configuration successful > 2014.01.05 15:51:43 LOG7[613:3071158144]: Service [pseudo-ssmtp] (FD=12) > bound to 127.0.0.1:2525 > 2014.01.05 15:51:43 LOG7[737:3071158144]: Created pid file > /var/run/stunnel.pid > 2014.01.05 16:21:57 LOG7[737:3071158144]: Service [pseudo-ssmtp] accepted > (FD=3) from 127.0.0.1:34007 > 2014.01.05 16:21:57 LOG7[737:3078183744]: Service [pseudo-ssmtp] started > 2014.01.05 16:21:57 LOG7[737:3078183744]: Waiting for a libwrap process > 2014.01.05 16:21:57 LOG7[737:3078183744]: Acquired libwrap process #0 > 2014.01.05 16:21:57 LOG7[737:3078183744]: Releasing libwrap process #0 > 2014.01.05 16:21:57 LOG7[737:3078183744]: Released libwrap process #0 > 2014.01.05 16:21:57 LOG7[737:3078183744]: Service [pseudo-ssmtp] permitted > by libwrap from 127.0.0.1:34007 > 2014.01.05 16:21:57 LOG5[737:3078183744]: Service [pseudo-ssmtp] accepted > connection from 127.0.0.1:34007 > 2014.01.05 16:21:57 LOG6[737:3078183744]: connect_blocking: connecting > 206.46.232.100:465 > 2014.01.05 16:21:57 LOG7[737:3078183744]: connect_blocking: s_poll_wait > 206.46.232.100:465: waiting 10 seconds > 2014.01.05 16:21:57 LOG5[737:3078183744]: connect_blocking: connected > 206.46.232.100:465 > 2014.01.05 16:21:57 LOG5[737:3078183744]: Service [pseudo-ssmtp] connected > remote server from 172.16.133.25:56457 > 2014.01.05 16:21:57 LOG7[737:3078183744]: Remote socket (FD=14) initialized > 2014.01.05 16:21:57 LOG7[737:3078183744]: SNI: sending servername: > smtp.verizon.net > 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): > before/connect initialization > 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 write > client hello A > 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read > server hello A > 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate > verification: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, > Inc./CN=GTE CyberTrust Global Root > 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled > 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=3, > /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust > Global Root > 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate > verification: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, > Inc./CN=GTE CyberTrust Global Root > 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled > 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=3, > /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust > Global Root > 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate > verification: depth=2, /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore > CyberTrust Root > 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled > 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=2, > /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root > 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate > verification: depth=1, /O=Cybertrust Inc/CN=Cybertrust Public SureServer SV > CA > 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled > 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=1, > /O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA > 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate > verification: depth=0, /C=US/ST=Texas/L=Irving/O=Verizon Data Services > LLC/OU=SLB Mail/CN=smtp.verizon.net > 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled > 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=0, > /C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=SLB Mail/CN= > smtp.verizon.net > 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read > server certificate A > 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read > server key exchange A > 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read > server done A > >
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
